Most users don't know how vulnerable their email service is, and how scary their government can be.
Thus you need to know how to make it impossible for other people/organization to see your email, even make yourself invisible to them
If you/如果你
-
had nothing to hide/没什么要隐藏的
-
were using only QQ mail or didn't even know what email is/只有QQ邮箱或者不知道什么是电邮
-
were a
good citizenand not aware of the existence of the wall/是一个遵纪守法的好公民 -
were already using numerous hidden email services and PGP/已经在用匿名服务和PGP
then you should stop reading by now/那么不要再看下去了
What you need/你需要
-
Your own PGP keypair/你的PGP钥匙对
-
GPG and other free software you might need/GPG和其它自由软件
-
a secure mindset/安全的思维
Guide/使用指南
Stop using
[email protected], it's extremely unprofessional and I will not reply to any email sent from such an address
How does this work?/工作原理
-
For most users, you just need to know:/普通用户需要知道:
-
Use receiver's public key to encrypt emails sent to them/用收件人的公钥加密发给他们的邮件
-
They will be able to decrypt emails with their private key/他们可以用自己的私钥解密你的邮件
-
And they can use your public key to encrypt emails that sent back to you/他们也可以用你的公钥加密回复给你的邮件
-
How do they know what your key is? Well, put your key on one of the keyservers, like this one, and vice-versa/那么他们如何知道你的公钥呢?只要把你的公钥在一个公钥服务器发布即可,就像这一个,反之亦然(参考下面导入公钥的部分)
-
-
For advanced users, read PGP on Wikipedia
Generate your keypair with GnuPG/使用GnuPG生成钥匙对
1. If you are using Windows/如果你用Windows
- Download GnuPG here/在这里下载GnuPG
2. If you are using *nix/如果你用Mac或者Linux
-
Use your packge manager to install
gpg
, for example, in Debian based distros you useapt-get install gpg
/使用你的包管理器安装gpg
,比如,在Debian类的发行版中你可以apt-get install gpg
-
From a terminal window, type
gpg --full-gen-key
, you will see the following:/在终端窗口里使用gpg --full-gen-key
,然后你会看到: -
Follow its instructions, choose 4096 bit RSA to ensure your encryption is strong enough/按照指导来生成你的钥匙对,注意请使用4096位 RSA加密算法以便确保安全性
-
Then you should export both your public and private keys to use them elsewhere/现在你应该把钥匙对导出从而在别的地方使用它
-
gpg --export -a <key name or id> > pub.asc
will export an ASCII encoded public key to a text file calledpub.asc
, you can publish it on a keyserver/gpg --export -a <key name or id> > pub.asc
可以导出ASCII编码的pub.asc
文本文件,你可以在这里发布你的公钥 -
gpg --export-secret-keys -a <key name or id> > sec.asc
will export your ASCII encoded private key to a text file calledsec.asc
, you will need your passphrase to export a secret key, never publish its content!, you need tochmod 600 sec.asc
to make sure this file is readable only to you/gpg --export-secret-keys -a <key name or id> > sec.asc
会导出你的私钥,同样使用ASCII编码,你需要输入之前设置的保护密码来导出这个私钥,这次的文件叫做sec.asc
,绝对不要泄露这个文件,使用chmod 600 sec.asc
来确保这个文件只有你可以阅读
-
Using a reliable email client and PGP plugin/使用可靠的邮件客户端和PGP插件
-
Personally I use Thunderbird in Arch Linux, with Enigmail plugin/我个人使用Thunderbird和Enigmail插件,它们都是自由软件(后者可以在前者的插件管理器里找到),而且都跨平台可用
-
Simply import your keypair into Enigmail/导入你的钥匙对到Enigmail
-
Then import the public key of your contacts who are going to receive your email/然后导入你联系人的公钥
-
When sending encrypted emails/发电邮的时候
-
Your contacts are able to decrypt your email with their private key (and so are you when you receive an email encrypted with your own public key)/你的联系人可以用他们的私钥解密你用他们公钥加密的邮件(同样的,你也可以解密用你自己的公钥加密过的邮件)
Looking for more solutions?/想知道更多?
-
On mobile platforms, Open KeyChain is available/在移动设备上,你可以用Open KeyChain
-
Also, I recommend using Protonmail, which is located in Swizerland with heavy encryption, and provides features such as expired email and email password/另外我也推荐使用Protonmail, 它是位于瑞士的加密电邮服务商,提供阅后即焚和邮件密码等功能
-
You can find hidden email services yourself, but DO ENCRYPT YOUR EMAIL no matter what email provider you choose/你也可以自己寻找匿名电邮服务,但是一定要加密你的电邮,不管你用谁的服务
近期评论